The definition of the "Remember Me" feature is:
When you check the "Remember Me" checkbox at the Portal Login page, your login will be remembered for some days, even after you close your browser. The next time you open the same browser within that time period, you will be automatically logged in.
I did not get how it actually works internally.
Say I hit app1 and log in with my credentials. The web server creates the user object and stores it in the session. Now whenever I hit app1 from tabs (same or different) of the same browser instance, cookies will be sent to and fro. Makes sense.
But once I close the browser, open a new window, and hit app1, a new set of cookies will be sent (not the previous one), and the web server will create a new session and ask for the credentials.
So I am really not getting how "remember me" works once the browser is closed and a new window is opened.
Use the “remember me” option to reduce how often you have to sign in with two-factor authentication (2FA) on the same web browser. It's safe to use on trusted computers, and lasts for 30 days.
Laravel authentication offers remember me functionality out of the box. In order to use it you need to do 2 things: add a remember_token column in your users table (this is where the token will be stored), and pass true as the second parameter of Auth::attempt() to enable the remember me behaviour.
Typically it's done via a cookie. Upon user login, a cookie is set with a specific (cryptographically secure) code (typically NOT including the user's password or any derivation thereof, but instead a hash that is used to look for the user), which is sent with each request.
A more secure way to implement the remember me feature is to store a random token instead of a user id in both cookies and database server. When users access the web application, you match the cookies' tokens with those stored in the database. Also, you can check the token's expiration time.
The remember-me feature typically works by generating a unique cookie, associating it with the user in the database, and adding a persistent cookie (i.e. a cookie which is saved on disk by the browser) to the response once the user is logged in.
When the user opens the browser again and goes back to the app, the browser sends this cookie, and the server finds if any user has this cookie in the database. If the user is found, he's automatically authenticated and a new session is started for this cookie.
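The flow the answers above describe (a random token in a persistent cookie, matched against the database with an expiry check), as an added Python example that is not code from any of the answers. The table name, cookie name and 30-day lifetime are assumptions, and storing only a SHA-256 hash of the token and replacing the token on every use are hardening choices added here, not something the answers state.

```python
import hashlib
import secrets
import sqlite3
import time

TTL_SECONDS = 30 * 24 * 3600  # assumed lifetime for this example

# In-memory table standing in for the application's database (hypothetical schema).
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE remember_tokens ("
           "token_hash TEXT PRIMARY KEY, user_id INTEGER NOT NULL, expires_at INTEGER NOT NULL)")

def _digest(token):
    # Only a hash is stored, so a leaked table does not yield usable cookie values.
    return hashlib.sha256(token.encode()).hexdigest()

def issue_token(user_id, now=None):
    """Call after a successful password login with 'remember me' checked."""
    now = int(time.time()) if now is None else now
    token = secrets.token_urlsafe(32)  # 256 random bits, carries no user data
    db.execute("INSERT INTO remember_tokens VALUES (?, ?, ?)",
               (_digest(token), user_id, now + TTL_SECONDS))
    return token

def cookie_header(token):
    # Max-Age is what makes the cookie persistent: the browser keeps it on disk
    # and sends it again after a restart, unlike the session cookie.
    return (f"Set-Cookie: remember_me={token}; Max-Age={TTL_SECONDS}; "
            "Path=/; Secure; HttpOnly; SameSite=Lax")

def login_from_cookie(token, now=None):
    """Return (user_id, replacement_token), or None if unknown, reused or expired."""
    now = int(time.time()) if now is None else now
    row = db.execute("SELECT user_id, expires_at FROM remember_tokens WHERE token_hash = ?",
                     (_digest(token),)).fetchone()
    if row is None:
        return None
    forget(token)  # single use: a copied cookie stops working once the real one is used
    user_id, expires_at = row
    if expires_at <= now:
        return None
    return user_id, issue_token(user_id, now)  # caller starts a new session and resets the cookie

def forget(token):
    """Call on logout so the cookie value can no longer authenticate."""
    db.execute("DELETE FROM remember_tokens WHERE token_hash = ?", (_digest(token),))
```

The `now` parameter exists only so the expiry path can be exercised with fixed timestamps.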